CVE-2020-1401
published 2020-07-14CVE-2020-1401: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code…
PriorityP343high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
13.18%
95.9th percentile
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1407.
Affected
70 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-58gq-w922-g4r3: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-1400 [HIGH] CWE-119 GHSA-58gq-w922-g4r3: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407.
GHSA
GHSA-xjpq-582q-q6mh: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-1401 [HIGH] CWE-119 GHSA-xjpq-582q-q6mh: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1407.
GHSA
GHSA-h4rm-8p4f-gfh7: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-1407 [HIGH] CWE-119 GHSA-h4rm-8p4f-gfh7: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1401.
Microsoft
Jet Database Engine Remote Code Execution Vulnerability
vendor_msrc·2020-07-14·CVSS 7.8
CVE-2020-1401 [HIGH] Jet Database Engine Remote Code Execution Vulnerability
Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Microsoft JET Database Engine: Microsoft JET Database Engine
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference:
No detection rules found.
No public exploits indexed.
Unit42
Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products
blogs_unit42·2020-10-02·CVSS 7.8
[HIGH] Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products
## Overview
Palo Alto Networks Unit 42 threat researchers have been credited with discovering 27 new vulnerabilities addressed by the Microsoft Security Response Center (MSRC), as part of its last nine months of security update releases.
## Vulnerabilities
The Microsoft vulnerabilities discovered included 27 vulnerabilities rated “important,” including Remote Code Execution, Privilege Elevation, Information Disclosure and one Denial of Service vulnerability.
The Unit 42 researchers credited are Zhibin Zhang, Tao Yan, Bo Qu, Gal De Leon, Haozhe Zhang, Bar Lahav, Yaron Samuel and Nadav Markus. Zhibin Zhang was also recognized as the top vulnerability discoverer in Q1 from the MSRC and most recently ranked 7th for the MSRC 2020 Q2 Security Leaderboard.
The recently discovered vulnerabili
Unit42
Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products
blogs_unit42·2020-10-02·CVSS 7.8
[HIGH] Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products
Threat Research Center
Threat Research
Vulnerabilities
## Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products
John Harrison
Published: October 2, 2020
Threat Research
Vulnerabilities
Microsoft
Microsoft Security Response Center
Microsoft Security Response Center (MSRC)
Privilege escalation
Remote Code Execution
## Overview
Palo Alto Networks Unit 42 threat researchers have been credited with discovering 27 new vulnerabilities addressed by the Microsoft Security Response Center (MSRC) , as part of its last nine months of security update releases.
## Vulnerabilities
The Microsoft vulnerabilities discovered included 27 vulnerabilities rated “important,” including Remote Code Execution, Privilege Elevation, Information Disclosure and one Denial of Service v
Tenable
Microsoft’s July 2020 Patch Tuesday Addresses 123 CVEs Including Wormable Windows DNS Server RCE (CVE-2020-1350) (SIGRed)
blogs_tenable·2020-07-14·CVSS 10.0
[CRITICAL] Microsoft’s July 2020 Patch Tuesday Addresses 123 CVEs Including Wormable Windows DNS Server RCE (CVE-2020-1350) (SIGRed)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
2020-07-14
Published